Great Circle Associates List-Managers
(April 1997)

Subject: Re: Updated list of forged addresses
From: Alexander Verbraeck <A . Verbraeck @ IS . TWI . TUDelft . NL>
Date: Thu, 24 Apr 1997 18:01:39 +0200 (MET DST)
To: owner-list-managers-outgoing @ greatcircle . com (Satin Zeine-Johnson)
Cc: List-Managers @ greatcircle . com
In-reply-to: <199704241250 . GAA09140 @ hellcat> from "Satin Zeine-Johnson" at Apr 24, 97 06:50:57 am

> > A whole new bunch of forged subscriptions came in the last 24 hours.
> I may be asking stupid questions, but how do you know these are forged?

It's certainly not a stupid question. It becomes harder and harder to
see, and there will be a moment when the only way to know is a message
from the user "WHY AM I ON THIS LIST??? GET ME OFF!!!" or something like
that. I know at this moment the addresses are forged,  because all forged 
subscriptions come through a number of servers that are the same for 
each group of forgeries. Apparently the forgers hacked some accounts 
they use over and over again.

Secondly, I go over the list of new subscriptions to my lists once a day
and take a close look at the new ones. If they seem strange in some way,
I take a look at the Web page of the organizationor test if the user
exists (and has the same name as subscribed) with a SMTP VRFY at the server
(if allowed). I can go even as far as asking whether the user really wanted 
to subscribe, and if not, he was probably subscribed by a hacker.

Subscription confirmation helps a little bit, but the forgers also issue
lots of "INFO" commands for the lists, to be sure the mailboxes overflow.
So, I rather catch the e-mails before they make it to the list processing

Kind regards,
Alexander Verbraeck.

Dr. Alexander Verbraeck            Delft University of Technology
Department of Systems Engineering, Policy Analysis and Management
Jaffalaan 5        P.O. Box 5015, 2600 GA  Delft  The Netherlands
Tel: +31 15 2783805    Secr: +31 15 2788380   Fax: +31 15 2783429
e-mail: A .
 Verbraeck @
 sepa .
 tudelft .
 nl  List manager BPR-L, DYNMOD-L    See also ..../bpr-l.html

